lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070219145708.GA7488@fiedlerfamily.net>
Date: Mon, 19 Feb 2007 09:57:08 -0500
From: Juergen Fiedler <juergen@...dlerfamily.net>
To: Andres Riancho <andres.riancho@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: phishing sites examples "source code"

On Thu, Feb 15, 2007 at 11:13:39PM -0300, Andres Riancho wrote:
>    Hi,
> 
>        For a research i'm doing I need a somehow "big"(around 100 would be
>    nice...) amount of phishing sites html code . I have googled for them but
>    I only get a lot of screenshots of those sites, not the actual code.
>    Anyone has an idea of where I could get those sites html ?

Keep in mind that the HTML is most likely directly lifted from the
site that the phishers are spoofing - the only thing that changes is
the action for the login form; you can't readily get to the source
code for the form action because it is done in some sort of server
side scripting (CGI, PHP, ASP, whatever...) that can't readily be
viewed from the client side.
That said, I have run into one or two phishers who compromise a site
(or create a throwaway site themselves), upload their scripts in a
tarball, install them - and then leave the tarball around for
posterity to analyze. I kid you not.
Unfortunately, the only good way to get to that source code is by
asking the administrator of a compromised site whether they found
anything that they would be willing to share; going in and poking
around yourself may put you into a legal position that you'd rather
not be in.

HTH,
--j

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ